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11. (Amended) A method for enabling y program 

written in untrusted code to access a native operating 
system resource, comprising the steps^of : 

having a trusted login servic^listen on a named 
5 pipe for login requests, - 

responsive to a login regfi/est, wherein the login 
request contains an identifier for a uniquely-named 
response pipe, having th^ycrusted login service request 
a native operating sys^^m identifier; 
10 returning to th^/^rogram via the uniquely-named 

response pipe the native operating system identifier, 
wherein the uniquely -named response pipe and the named 
pipe are not identical; 

in an authentication framework, using the native 
15 operating s^feyfcem identifier to create a credential 
obj ect ; 

usiira the credential object to login to the native 
operating system to enable the program to access the 
resou/ce . 



12/ (Amended) The method as described in claim 11 

/wherein the native operating system supports named-pipe 
servers . 
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13 . (Amended) The method as described in clj&im 12 

wherein the program is written in an interpreted 
language . 

5 14. (Original) The method as des^pibed in claim 11 

wherein the authentication framework is a pluggable 
authentication mechanism (PAM)/having a set of 
application programming interfaces (APIs) . 

10 15. (Original) ThsTymethod as described in claim 14 

wherein the set of y^plication programming interfaces 
include login, commit, abort and logout APIs, 



16. (Amended) The method as described in claim 14 

15 wherein tme authentication framework is compliant with 
an authentication service of a virtual machine. 
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17. (Amended) A computer program product 

computer readable medium for enabling a prog^6m written 
in untrusted code to access a native ope^Jting system 
resource, the computer program producty^omprising the 
5 steps of: 

means for listening on a nam^ff pipe by a trusted 
login service for login request; 

means responsive to a locjan request for requesting 
a native operating system i/aentifier by the trusted 
10 login service, wherein ttuB login request contains an 
identifier for a unique/y-named response pipe,; 

means for return^ig to the program via the 
uniquely-named response pipe the native operating 
system identifier/ wherein the uniquely-named response 
15 pipe and the nayed pipe are not identical; 

in an authentication framework, using the native 
operating s^tem identifier to create a credential 
object; an/ 

usir$ the credential object to login to the native 
20 operat^yig system to enable the program to access the 
resoi 
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18. (Amended) The computer program/product as 

described in claim 17 wherein the projgfram executes in a 
virtual machine supported by the native operating 
system and the native operating/^system supports 
5 named-pipe servers. 



10 



19. (Amended) The ^bmputer program product as 
described in claim lwwherein the program is written in 
an interpreted langndage . 

20. (Amended)// The computer program product as 
described in//5laim 17 wherein the authentication 
framework d/s compliant with an authentication service 
of a virtjaal machine. 
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21. (Amended) An application server, comprising: 

a set of programs that are supported byf a virtual 

machine that is supported by a native operating system; 
a processor running the native ouer^ting system 
5 providing support for executing the/s^£ of programs; 

and 

means for enabling each ptfbafam in the set of 
programs to run in an operat/ng system thread while 
impersonating a different Aafcive operating system user 

10 in accordance with a toteepi that was created during a 

login operation in thoynative operating system and that 
was associated with/a program while the program was 
acting as a namecwpipe server to listen for a login 
response on a named pipe that was uniquely created for 

15 a login request to obtain the token, wherein the login 
request corrcained an identifier for the named pipe. 



22. (Amended) The application server as described 

in c2?aim 21 wherein the native operating system 



20 
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23. (Amended) The application server as described 

in claim 21 further including a server application 
executed by the processoj/for receiving a request for 
service from a client/machine and initiating execution 
5 of a program in t)0 set of programs in a given 
operating sysberfi thread. 



